Security News > 2022 > April > Fake Windows 10 updates infect you with Magniber ransomware
Fake Windows 10 updates are being used to distribute the Magniber ransomware in a massive campaign that started earlier this month.
While researching the campaign, we discovered a topic in our forums where readers report becoming infected by the Magniber ransomware after installing what is believed to be Windows 10 cumulative or security update.
Other downloads pretend to be Windows 10 cumulative updates, using fake knowledge base articles, as shown below.
While it's not 100% clear how the fake Windows 10 updates are being promoted, the downloads are distributed from fake warez and crack sites.
The ransomware also creates ransom notes named README.html in each folder that contains instructions on how to access the Magniber Tor payment site to pay a ransom.
The Magniber payment site is titled 'My Decryptor' and will allow a victim to decrypt one file for free, contact 'support,' or determine the ransom amount and bitcoin address victims should make a payment.
News URL
Related news
- JPCERT shares Windows Event Log tips to detect ransomware attacks (source)
- Use Windows event logs for ransomware investigations, JPCERT/CC advises (source)
- Windows 10 KB5044273 update released with 9 fixes, security updates (source)
- Windows 10 KB5045594 update fixes multi-function printer bugs (source)
- Microsoft fixes Windows 10 bug causing apps to stop working (source)
- Windows 10 KB5046613 update released with fixes for printer bugs (source)
- Microsoft just killed the Windows 10 Beta Channel again (source)
- Microsoft just killed the Windows 10 Beta Channel for good (source)
- Microsoft pulls WinAppSDK update breaking Windows 10 app uninstalls (source)
- Windows 10 KB5046714 update fixes bug preventing app uninstalls (source)